package cn.sail.shiroAuthenticator.controller;

import cn.sail.pojo.vo.RespResult;
import cn.sail.shiroAuthenticator.pojo.entity.User;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Api("用户业务接口")
@Controller
@RequestMapping("user")
public class UserController {

    @ResponseBody
    @RequestMapping(value = "info",method= RequestMethod.GET)
    @ApiOperation("获取用户信息")
    @RequiresPermissions("user:info")
    public RespResult info() {
        //通过Shiro框架获取用户信息
        User sessionUser = (User) SecurityUtils.getSubject().getPrincipal();
        RespResult  result = new RespResult();
        result.setData(sessionUser);
        return result;
    }

    @ResponseBody
    @RequestMapping(value = "login",method= RequestMethod.POST)
    @ApiOperation("用户登录")
    public RespResult login(User user){
        RespResult  result = new RespResult();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUserName(), user.getPassword());
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);
        result.setMessage("登录成功");
        return result;
    }

    @ResponseBody
    @RequestMapping(value = "list",method= RequestMethod.GET)
    @ApiOperation("获取所有用户")
    @RequiresPermissions("user:list")
    public String list() {
        return "获取所有用户成功";
    }

    @ResponseBody
    @RequestMapping(value = "insert",method= RequestMethod.POST)
    @ApiOperation("新增用户")
    @RequiresPermissions("user:insert")
    public String insert() {
        return "新增用户成功";
    }

    @ResponseBody
    @RequestMapping(value = "delete",method= RequestMethod.POST)
    @ApiOperation("删除用户")
    @RequiresPermissions("user:delete")
    public String delete() {
        return "删除用户成功";
    }

    @ResponseBody
    @RequestMapping(value = "update",method= RequestMethod.POST)
    @ApiOperation("更新用户")
    @RequiresPermissions("user:update")
    public String update() {
        return "更新用户成功";
    }

}
